Risk Management Security Analyst

Location:
Mechanicsville, VA, 23111
Salary:
155000 to 165000
Posted:
December 26, 2023

Resume:

Sylvester Idugboe

678-***-****

ad18pq@r.postjobfree.com

PROFILE

I have over seven years of experience in cybersecurity with demonstrated ability in governance, compliance management, risk management, policy development, controls testing, vulnerability management, disaster recovery and continuity of operations plans. I can communicate effectively and explain technology in a simple and easy-to-understand way to non-technical users, specifically non-technical business units and senior management. I am well-versed in streamlining processes, driving efficiency, and encouraging team performance. I’m looking to secure a position as a security analyst in an organization where I can utilize my skills and contribute to its growth.

SKILLS

•Well-versed in compliance obligation management, with pertinent working experience.

•Exceptional understanding of third-party risk, as well as adept risk mitigation strategies.

•Experience with SOC 2 Implementation

•Experience with ISO 27001 implementation

•Experience with Training and Awareness

•Experience with PCI-DSS

•Experience performing Risk assessment NIST 800-30 and NIST 800-53

•Capable of adaptability and delivering results both collaboratively as part of a team and independently.

•Astute organizational acumen, with the ability to prioritize and seamlessly navigate the demands of tight deadlines.

•A solid foundation of information security standards and frameworks, including ISO 27001, NIST CSF, SOC 2, CIS 18, and PCI-DSS, with relevant working experience.

•Experienced in the realm of vulnerability management,

EDUCATION

•AMBROSE ALLI UNIVERSITY - B.Sc. Business Administration.

PROFESSIONAL CERTIFICATIONS

•Certified Information Systems Auditor (CISA)

WORK EXPERIENCE

First Citizen Bank - USA July 2019 – Present

GRC Specialist

Responsibilities:

•Develop and perform continuous reviews of cybersecurity policies and standards by incorporating changes in requirements from the business, technology, and regulatory perspectives into policy updates and revisions.

•Lead compliance audits/assessments (annual audits and due diligence requests for information), Internal Audit, and external auditors (ISO27001, SOC 2, PCI DSS, etc.).

•Lead initiatives and processes including vendor risk management, IT security reviews and implementations, and security training and awareness programs.

•Lead and contribute to compliance activities and initiatives, including continuous monitoring activities supporting critical security and data protection processes.

•Ensure security and compliance documentation is up to date and work with assessors on changes ensuring these changes are updated in the documentation and manage any testing and re-compliance requirements.

•Engage, coordinate, and collaborate with stakeholders across the company and address their concerns and policy needs through consultation processes.

•Review requests for policy exemptions and exceptions and approve them, depending on risk levels, and recommend compensating controls to mitigate risks.

•Assess, analyze, and identify control gaps from policies and standards perspectives and develop recommendations for mitigation and improvements.

•Support communication on policies and respond to requests and inquiries concerning cybersecurity policies and standards.

•Develop, promote, and continuously enhance third-party governance in collaboration with internal and external stakeholders.

•Support third-party risk management activities throughout its lifecycle as required, including ongoing monitoring, review, challenges, and participation in third-party materiality and risk assessments.

•Assist in the planning and completion of compliance activities and liaise with external auditors in the performance of their control activities.

•Evaluate business processes and procedures to identify compliance risks and make recommendations to address them.

•Investigate and respond to compliance risk issues and regulatory inquiries, including preparing required documentation and making recommendations to senior management on how to proceed.

•Promote and assist in the monitoring and enforcement of compliance with policies and standards.

•Assist in executing quarterly and annual audits of FCB compliance program, identifying gaps and creating remediation plans to address them.

•Performed validation and testing of the effectiveness of implemented security controls to assure compliance.

AT&T - USA July 2016 – Jun 2019

IT Risk and Compliance Analyst

Responsibilities:

•Executed and maintained up-to-date risk assessments, identifying mitigating controls to ensure AT&T residual risks align with its risk tolerance.

•Lead, operate, and maintain the ISO27001 audit within the organization.

•Lead and identify additional security compliance opportunities for the business, including but not limited to PCI DSS, SOC2, and ISO27001.

•Champion 3rd party risk assessment and project risk assessment.

•Coordinate with all areas of the business in applying remediation strategies to ensure compliance requirements and best practices are incorporated.

•Collaborating across functions including IT, engineering, product owners, and other business stakeholders as required

•Collaborated with all relevant stakeholders to perform the risk assessment and present the results to the business owners.

•Evaluated and aligned business practices with risk management and information security frameworks and standards.

•Co-ordinated escalations to appropriate support teams and asset owners to ensure timely mitigation of identified gaps and risks.

•Conducted ongoing, risk-based monitoring of vendors' and third parties' adherence to established security requirements.

•Performed business impact analysis and provided reports to senior management monthly, indicating the status and level of security compliance with all information security compliance requirements.

•Ensured change management process is followed during resolution efforts of incidents and problem tickets

•Conducted accurate and timely investigation of issues to ensure SLAs were not compromised.

Network Rail - UK May 2010 – Jun 2015

Business Specialist, Compliance Management

Responsibilities:

•Define and control interfaces between the outlined and other management systems to ensure roles and responsibilities are clearly aligned and agreed.

•Collaborate with relevant management systems (e.g., ECMS, Risk, Compliance) as needed to ensure adequate understanding and responsibility for binding obligations.

•Review, at least annually, the compliance management system organizational design and implementation to evaluate the segregation of duties and adequacy of skills and resources.

•Analyze and assess the initial scope of exposure by meeting with business owners.

References available upon request
